Difference between revisions of "Configure VPN Server"

==Mark Notes==
 
  
To Do: set time and timezone
 
set secure password / change user name?
 
 
<br\><br\>
 
 
==Initial Configuration==
 
 
===Set up RB2011LS-IN Router for initial configuration===
 
 
Connect to power
 
 
Connect a Cat 5 cable from port ETH6 to the NIC for Idrive wireless (192.168.0.10)
 
 
<br\><br\>
 
 
===Connect using Winbox===
 
 
[[File:Mikrotik1.png|500px|thumb]]
 
 
Download and install Winbox [http://download2.mikrotik.com/winbox.exe Configuration tool for RouterOS].
 
 
Run Winbox.exe or double click the icon on the desktop
 
 
[[File:winbox_icon.jpg|100px]]
 
 
Click the “…” button, wait for the equipment's MAC address to be listed, then click on it and connect. (The default IP address is 192.168.88.1.)
 
 
Document the MAC address for entry into AdminCenter
 
 
Click on "Connect"
 
 
Log in as admin; the password is blank.
 
 
 
<br\><br\><br\><br\>
 
 
===Initial Log in===
 
 
 
 
A pop-up window will appear. Choose "Remove Configuration"; otherwise the router will create a default configuration.
 
 
 
[[File:Mikrotik2.png|500px|center]]
 
 
==Setup using Restore configuration file (Recommended)==
 
 
===Load Idrive Standard configuration===
 
 
[[File:rb2011_restore_config.jpg|600px|thumb]]
 
 
For simplicity and consistency, it is better to set the router's configuration using the RouterOS backup/restore function. This "restores" the standard Idrive configuration from a .backup file, leaving only a few custom settings that are specific to the customer location(s).
 
 
 
*Download the most current .backup file from [https://admincenter.idrive.pro/wiki/index.php?title=Idrive_Downloads Admin Center]
 
 
*Unzip the file to the Desktop on your computer
 
 
*In WinBox select “Files” from the left menu to open the Files List window.
 
 
*Use the mouse to drag and drop the configuration file from the Desktop into the Files List (uploads the file to the Router)
 
 
*Highlight the config file and click on "Restore"
 
 
 
<br\><br\><br\><br\><br\><br\><br\><br\><br\><br\><br\><br\><br\><br\>
 
 
===Set Customer/Location Specific Settings===
 
 
After this, the only things that need to be changed are the IP address of the Base Station equipment (RB2011LS-IN) on port “ether1”, used for the internet connection, which is set in Winbox under “IP” > “Addresses”, and the gateway, which is set under “IP” > “Routes” (0.0.0.0/0 to x.x.x.x).
 
 
 
Set the specific internet settings for this customer and location
 
 
 
<br\><br\>
 
 
==Setup using manual method==
 
 
 
 
 
The first step is to create a static IP for your internet connection.
 
 
 
[[File:Mikrotik3.png|500px|center]]
 
 
 
Select "Addresses" from "IP" and click the plus sign.
 
 
 
[[File:Mikrotik4.png|500px|center]]
 
 
 
We used IP 10.3.0.80, which is a local IP from the main router's IP pool, and we have forwarded port 1723.
 
 
 
[[File:Mikrotik5.png|500px|center]]
 
 
 
Add the route for internet access.
 
 
 
[[File:Mikrotik6.png|500px|center]]
 
 
 
Enter 0.0.0.0/0 in the "Dst. Address:" box and your gateway in the "Gateway" box.
 
 
 
[[File:Mikrotik7.png|500px|center]]
 
 
 
Select "Bridge" from the left menu and add a new bridge.
 
 
 
[[File:Mikrotik8.png|500px|center]]
 
 
 
From the same interface, select the "Ports" tab and add interfaces ether1 and ether2 to "bridge_internet".
 
 
 
[[File:Mikrotik9.png|500px|center]]
 
 
 
[[File:Mikrotik10.png|500px|center]]
 
 
 
Now repeat the step above and create a new bridge.
 
 
Make sure "ARP" is disabled!
 
 
 
[[File:Mikrotik11.png|500px|center]]
 
 
 
From the same interface, click on the "STP" tab, check "Protocol mode: rstp" and apply.
 
 
 
[[File:Mikrotik12.png|500px|center]]
 
 
 
Select the "Ports" tab from the "Bridge" interface and add a new bridge port.
 
 
Select "ether3" and "bridge_tunnel" from the drop-down list.
 
 
 
[[File:Mikrotik13.png|500px|center]]
 
 
 
Create a third bridge, "bridge_local", with "ARP" enabled, and add MAC Address: 00:00:5E:80:01:01.
 
 
Select the "STP" tab, check "Protocol mode: rstp" and apply.
 
 
 
[[File:Mikrotik14.png|500px|center]]
 
 
 
[[File:Mikrotik15.png|500px|center]]
 
 
 
Return to the IP->Address List interface and add "192.168.0.2/16" to "bridge_local".
 
 
 
[[File:Mikrotik16.png|500px|center]]
 
 
 
Select the "Profiles" tab from the PPP interface and add a new profile.
 
 
On the "General" tab, fill in the new profile name and select "bridge_tunnel" from the drop-down list.
 
 
Select the "Protocols" tab and check "yes" under "Use Encryption".
 
 
 
[[File:Mikrotik17.png|500px|center]]
 
 
[[File:Mikrotik18.png|500px|center]]
 
 
 
From the PPP interface, select the "Secrets" tab and create a new secret.
 
 
Fill in the name and password and select the profile you created above.
 
 
 
[[File:Mikrotik19.png|500px|center]]
 
 
 
Select "SSTP Server" from PPP->Interface, check port 1723, select "default-encryption", and uncheck the "pap" and "chap" authentication methods.
 
 
 
[[File:Mikrotik20.png|500px|center]]
 
 
 
If the VPN client is configured, the connection will start automatically. If the VPN client is not configured, see [[Configure VPN Client]].
 
 
To check the active connection, select PPP->Active Connection or Bridge->Ports.
 
 
 
[[File:Mikrotik22.png|500px|center]]
 
 
 
Add the rest of the interfaces to "bridge_local" in order to use the router in the network.
 
 
 
[[File:Mikrotik21.png|500px|center]]
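
A check of the end state of the manual method, as an added example that is not part of the original page: it parses a RouterOS <code>/export</code> dump and reports where the bridge, PPP profile and SSTP server settings differ from the ones prescribed above. The sample export is constructed, and the profile name <code>vpn_profile</code> is an assumption.

```python
import re

# Constructed sample of RouterOS `/export` output for a router built with the
# steps above; the profile name "vpn_profile" is a placeholder, not from the page.
SAMPLE_EXPORT = """
/interface bridge
add name=bridge_internet
add arp=disabled name=bridge_tunnel protocol-mode=rstp
add admin-mac=00:00:5E:80:01:01 auto-mac=no name=bridge_local protocol-mode=rstp
/ppp profile
add bridge=bridge_tunnel name=vpn_profile use-encryption=yes
/interface sstp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=yes port=1723
"""

def parse_export(text):
    """Return [(menu, {key: value})] for every add/set line of an export."""
    items, menu = [], None
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith(("add ", "set ")):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            items.append((menu, {k: v.strip('"') for k, v in pairs}))
    return items

def audit(text):
    """List deviations from the settings the page prescribes."""
    items, findings = parse_export(text), []
    rows = lambda menu: [kv for m, kv in items if m == menu]
    sstp = (rows("/interface sstp-server server") or [{}])[0]
    if sstp.get("enabled") != "yes":
        findings.append("SSTP server not enabled")
    # An export omits defaults; the RouterOS default allows all four methods.
    auth = sstp.get("authentication", "pap,chap,mschap1,mschap2").split(",")
    if {"pap", "chap"} & set(auth):
        findings.append("pap/chap still allowed on SSTP server")
    if sstp.get("port") != "1723":
        findings.append("SSTP port is not 1723")
    tunnel = [b for b in rows("/interface bridge") if b.get("name") == "bridge_tunnel"]
    if not tunnel or tunnel[0].get("arp") != "disabled":
        findings.append("bridge_tunnel missing or ARP not disabled")
    for p in rows("/ppp profile"):
        if p.get("bridge") == "bridge_tunnel" and p.get("use-encryption") != "yes":
            findings.append("profile %s does not set Use Encryption" % p.get("name"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT) or "matches the documented settings")
```

Because an export lists only non-default values, a missing <code>authentication=</code> key is treated as "pap and chap still enabled" rather than as a pass.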
 

Latest revision as of 18:16, 7 November 2014